[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Hacking Victim Bit9 Blames SQL Injection Flaw
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-02-26 7:52:29
Message-ID: alpine.DEB.2.02.1302260152200.1406 () infosecnews ! org
[Download RAW message or body]
http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_Flaw
By Jeremy Kirk
IDG News Service
February 25, 2013
Bit9 said a common Web application vulnerability was responsible for allowing
hackers to ironically use the security vendor's systems as a launch pad for
attacks on other organizations.
Based in Waltham, Massachusetts, the company sells a security platform that is
designed in part to stop hackers from installing their own malicious software.
In an embarrassing admission, Bit9 said earlier this month that it neglected to
install its own software on a part of its network, which lead to the
compromise.
In a more detailed explanation on its blog on Monday, Bit9 said attackers
gained access by exploiting a SQL injection flaw in one of its Internet-facing
Web servers. A SQL injection flaw can allow a hacker to enter commands into a
web-based form and get the backend database to respond.
The compromise happened around July 2012, wrote Bit9's CTO Harry Sverdlove.
Once inside Bit9, the hackers accessed a virtual machine used to digitally sign
code for Bit9, a security measure that verifies the company's code is
legitimate.
[...]
______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic